Fancy Bear APT Targets US Senate and International Olympic Wintersports Federations

Trend Micro researchers recently observed advanced persistent threat (APT) group Fancy Bear – also known as APT 28 or Pawn Storm – attempting to conduct cyber-espionage activity against US Senators and the Olympic Wintersports Federations. In the second half of 2017, Fancy Bear was highly active, using spear-phishing tactics to obtain account credentials and deploy malware on targeted systems. The group specifically targeted the US Senate with an email campaign that distributed links to phishing sites. These sites mimicked an Active Directory Federation Services (ADFS) login page in an attempt to obtain victims’ account credentials.

The NJCCIC recommends that those who may be considered high-value targets for cyber-espionage campaigns review the Trend Micro report and scan for the indicators of compromise (IoCs) provided to determine whether malicious activity associated with this Fancy Bear campaign has been observed within their networks. Organizations are strongly encouraged to implement a defense-in-depth cybersecurity strategy, employ the Principle of Least Privilege, and establish strong identity and access management controls, including multi-factor authentication.